As currently used, a computer terminal, such as a computer station, can be connected to local or worldwide communication networks between computers. Via the connection to the communication network, such as the Internet or an Intranet network, it is possible to use or take advantage of several applications or services offered by one or more operators. In order to do this, a link from the computer terminal to at least one dedicated server has to be established.
User authentication or identification may also be required for applications that concern the management of access rights through the communication network. Generally, the user has to enter a password or access code using the computer terminal keyboard in order to be connected in a personalised manner to a required service. Insofar as several access codes have to be entered using the keyboard for connection to various online services, the user has to know all the access codes, which is inconvenient.
Some applications or services obtained through the computer network require greater security for the user of the computer terminal. These applications or services concern, for example, e-tickets, payment or e-purse, usual credit card payment, or assigning and managing physical access rights, such as electronic keys for hotel rooms, clubs or halls. In such cases, after identifying the user, the data transferred between the server and the computer terminal is generally encrypted by a conventional encryption algorithm.
Protection of encrypted personal data, which is exchanged between the server and the computer terminal, is generally achieved by monitoring and protection software operating in the computer terminal. However, even with such monitoring software, the encrypted data exchanged is likely to remain visible in the terminal. This can allow a computer pirate to spy on the various data exchanges using a computer spy virus (Trojan horse), which means that the personal data transferred is not totally secure.
The information drawn from encrypted data received from several applications by the computer terminal can also be transferred to a storage support, such as a chip with an identification code. In accordance with the present invention, as will be summarized below, a read unit is thus connected to the computer terminal in order to transmit wireless data signals for example to a transponder, which includes the chip. In order to do this, the transponder, in accordance with the present invention, must be located in a determined zone around the read unit in order to pick up the radiofrequency signals transmitted by the read unit. The read unit must first of all identify the transponder. Once the transponder of the present invention has been recognised, the data to be transmitted is encoded using a conventional encryption algorithm between the transponder and the associated read unit.
This transponder, according to the present invention, can be mounted in any type of portable object, such as a watch, an electronic badge, a card or a portable telephone. This enables a user, in accordance with the present invention, to transport the portable object fitted with the transponder easily in order to use the stored data relating to several applications in several service provider places. According to the present invention, personal access codes to various applications can be stored in the transponder chip and transmitted, during connection to the communication network, to the dedicated server from the terminal. However, as explained above with respect to conventional applications, the personal data is likely to be visible to a computer pirate during encrypted data transfer operations between the server and the computer terminal. Thus, even while ensuring a secure data transfer between the read unit connected to the computer terminal and the transponder in the portable object, the security of the user's personal data is not entirely guaranteed.
It is thus a main object of the present invention to provide a method for the authentication and secure wireless exchange of data between a personalised chip and a dedicated server in a transparent manner to the computer terminal connected to the communication network in order to overcome the aforementioned drawbacks of conventional applications and systems. Moreover, another object of the present invention is that an on-line connection to various personalised services can be achieved more simply.